Unrated severityNVD Advisory· Published Feb 24, 2026· Updated Feb 24, 2026

CVE-2025-11846

Description

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request.

Affected products

Zyxel/VMG3625-T50Bllm-fuzzy
Range: <=5.50(ABPM.9.6)C0
Zyxel/WX3100-T0llm-fuzzy
Range: <=5.50(ABVL.4.8)C0
Zyxel/VMG3625-T50B firmwarev5
Range: <= 5.50(ABPM.9.6)C0
Zyxel/WX3100-T0 firmwarev5
Range: <= 5.50(ABVL.4.8)C0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000